Method and system for detecting attacks in wireless data communications networks
First Claim
1. A method performed by an attack detector module for detecting attacks in a wireless data communications network which includes at least one trusted apparatus and a communications terminal that is assigned a dynamic network state corresponding to wireless traffic exchanges of the communications terminal, the method comprising:
acquiring a first trusted network state for the dynamic network state of the communications terminal;
acquiring trusted information via a trusted channel, wherein the trusted information is indicative of a communication between the communications terminal and the at least one trusted apparatus and the trusted channel is different from the wireless data communications network;
updating the first trusted network state to a second trusted network state for the dynamic network state of the communications terminal, wherein the second trusted network state is different from the first trusted network state and the updating is based on the trusted information;
monitoring, via a wireless traffic monitor, wireless traffic over the wireless data communications network;
deriving a non-trusted network state for the dynamic network state of the communications terminal from the monitored wireless traffic;
comparing the non-trusted network state with the second trusted network state; and
determining a wireless network attack in case of incoherence between the non-trusted network state and the second trusted network state.
Abstract
A method of detecting attacks in a wireless data communications network, includes: monitoring wireless traffic over the wireless data communications network; deriving a first network state from the monitored wireless traffic; acquiring trusted information indicative of a wireless network state from at least one apparatus of a network infrastructure; establishing a second network state based on the acquired trusted information; comparing the derived first network state with the second network state, and determining a wireless network attack in case of incoherence between the derived first network state compared to the second network state.
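The coherence check described in the abstract, sketched as an added example (not code from the patent or its applicant). The state names, event names, per-window comparison and terminal addresses are assumptions made for illustration; the page does not enumerate them.

```python
# Added example: state names, event names and MAC addresses are constructed.
IDLE, AUTHENTICATED, ASSOCIATED = "idle", "authenticated", "associated"

# (current state, event) -> next state, applied identically to both views.
TRANSITIONS = {
    (IDLE, "auth"): AUTHENTICATED,
    (AUTHENTICATED, "assoc"): ASSOCIATED,
    (ASSOCIATED, "disassoc"): AUTHENTICATED,
    (AUTHENTICATED, "deauth"): IDLE,
    (ASSOCIATED, "deauth"): IDLE,
}

def step(states, terminal, event):
    """Advance one terminal's state; unknown transitions leave it unchanged."""
    current = states.get(terminal, IDLE)
    states[terminal] = TRANSITIONS.get((current, event), current)

def detect(windows):
    """Compare trusted and non-trusted state at the end of each time window.

    Each window is a list of (source, terminal, event) where source is
    "trusted" (reported by a trusted apparatus over the trusted channel) or
    "air" (derived from monitored wireless traffic, sender unverified).
    Returns (window index, terminal, trusted state, non-trusted state) alerts.
    """
    trusted, untrusted, alerts = {}, {}, []
    for index, window in enumerate(windows):
        for source, terminal, event in window:
            step(trusted if source == "trusted" else untrusted, terminal, event)
        # Comparing per window tolerates reordering between the two channels.
        for terminal in sorted(set(trusted) | set(untrusted)):
            t, u = trusted.get(terminal, IDLE), untrusted.get(terminal, IDLE)
            if t != u:
                alerts.append((index, terminal, t, u))
    return alerts

STA_A, STA_B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
SAMPLE_WINDOWS = [  # constructed input
    [("air", STA_A, "auth"), ("trusted", STA_A, "auth"),
     ("air", STA_A, "assoc"), ("trusted", STA_A, "assoc"),
     ("trusted", STA_B, "auth"), ("air", STA_B, "auth")],
    # A deauth appears on the air for STA_A, but no trusted apparatus reports one.
    [("air", STA_A, "deauth"),
     ("air", STA_B, "assoc"), ("trusted", STA_B, "assoc")],
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_WINDOWS):
        print("incoherent state:", alert)
```

The only alert is for the terminal whose state changed on the air without a matching report on the trusted channel, which is the incoherence the method treats as an attack indication.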
27 Claims
Claim 1 (set out in full under First Claim above). Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 27.
13. A system for detecting attacks in a wireless data communications network which includes at least one trusted apparatus and a communications terminal that is assigned a dynamic network state corresponding to wireless traffic exchanges of the communications terminal, the system comprising:
a network monitor for acquiring a first trusted network state for the dynamic network state of the communications terminal, and further for acquiring trusted information via a trusted channel, wherein the trusted information is indicative of a communication between the communications terminal and the at least one trusted apparatus and the trusted channel is different from the wireless data communications network, and to update, based on the trusted information, the first trusted network state to a second trusted network state for the dynamic network state of the communications terminal, wherein the second trusted network state is different from the first trusted network state;
a wireless traffic monitor for monitoring wireless traffic over the wireless data communications network and to derive a non-trusted network state for the dynamic network state of the communications terminal from the monitored wireless traffic; and
an attack detector engine for comparing the non-trusted network state with the second trusted network state, and to determine a wireless network attack in case of incoherence between the non-trusted network state compared to the second trusted network state.
Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26.
Specification